Setup of OpenIDConnect (Entra or other IDP)
1a (If Azure Entra) Setup of IDP
(If another IDP is used, please refer to its documentation on how to set up OpenIDConnect.)
Sign in to the Azure Entra Portal with an admin account.
Create a new App registration:
Give it a fitting name and select the correct account types.
In the redirect URI field, insert the following (replace DAMURL):
https://DAMURL/DigizuiteCore/LoginService/signin-oidc
If there are multiple DAM URLs, each of them needs to be added as well (with /DigizuiteCore/LoginService/signin-oidc appended).
It is important that these are the backend URLs, not the URLs for Media manager, office connector, etc.
Go to Authentication and add ID token
Go to Certificates & secrets and create a new client secret. Please copy the value; it is needed later on.
Go back to the Overview and copy the “Application (client) ID” and “Directory (tenant) ID”.
Send the “Application (client) ID” and “Directory (tenant) ID” and the Value of the client secret to Digizuite.
1b (If using a different IDP than Azure Entra)
Set up Redirect URL:
https://DAMURL/DigizuiteCore/LoginService/signin-oidc
If there are multiple DAM URLs, each of them needs to be added as well (with /DigizuiteCore/LoginService/signin-oidc appended).
It is important that these are the backend URLs, not the URLs for Media manager, office connector, etc.
Send the following information to Digizuite:
Authority
Client ID
Client Secret
Name claim type - This is a unique username (could be email or sub)
2 Set up the SSO in the Media manager
Log in to the Media manager with a Super administrator account.
Go to “Settings” - “General settings” - “SSO”
Select OpenIDConnect
Insert a Template member user ID. You can use the guest user if you want low access: 30006 (or you can create a template user that matches your needs).
Select the Sync level
Enter a name
Enter Authority (If Entra it will be https://login.microsoftonline.com/“Directory (tenant) ID”/ e.g. https://login.microsoftonline.com/d555db3d-40a3-49c1-9222-231563730bdd/ )
Enter Client ID (If Entra it will be Application (client) ID)
Enter Client secret
Enter Name claim type (leave as default if using Entra)
Now press Save and then Activate.
Once it says “Latest is active”, the SSO configuration is enabled.
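The redirect URI and Authority values from steps 1 and 2, as an added pre-flight check (not part of Digizuite's documentation or code): it derives the redirect URI for each backend URL, builds the Entra Authority from the tenant ID, and compares the result with the redirect URIs already registered at the IDP. The example.com hosts, the all-zero tenant ID and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Sign-in callback path from this guide; everything else below is constructed.
SIGNIN_PATH = "/DigizuiteCore/LoginService/signin-oidc"
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def redirect_uris(dam_backend_urls):
    """Return the redirect URI to register for each DAM backend URL."""
    uris = set()
    for url in dam_backend_urls:
        parts = urlsplit(url.strip())
        if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
            raise ValueError(f"not a plain https URL: {url!r}")
        if parts.path.strip("/") or parts.query or parts.fragment:
            raise ValueError(f"expected the bare backend URL, got: {url!r}")
        uris.add(f"https://{parts.netloc.lower()}{SIGNIN_PATH}")
    return sorted(uris)


def entra_authority(tenant_id):
    """Build the Authority value for Entra from the Directory (tenant) ID."""
    tenant_id = tenant_id.strip()
    if not GUID.fullmatch(tenant_id):
        raise ValueError(f"not a GUID: {tenant_id!r}")
    return f"https://login.microsoftonline.com/{tenant_id.lower()}/"


def compare_registration(expected, registered):
    """Return (missing, unexpected) redirect URIs; matching is exact."""
    expected, registered = set(expected), set(registered)
    return sorted(expected - registered), sorted(registered - expected)


if __name__ == "__main__":
    # Constructed sample values: two backend hosts and an export of the
    # redirect URIs currently present on the app registration.
    expected = redirect_uris(["https://dam.example.com", "https://dam-api.example.com/"])
    registered = [
        "https://dam.example.com/DigizuiteCore/LoginService/signin-oidc",
        "https://mm.example.com/DigizuiteCore/LoginService/signin-oidc",  # Media manager URL
    ]
    missing, unexpected = compare_registration(expected, registered)
    print("Authority:", entra_authority("00000000-0000-0000-0000-000000000000"))
    print("Missing:", missing)
    print("Unexpected:", unexpected)
```

A URI reported as missing must be added before SSO works for that backend URL; one reported as unexpected, such as a Media manager URL, does not belong on the registration.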
Setup of Sync groups in the DAM
If you have selected FullSync or AddOnly as your Group sync level, you will need to set up your group binding in the DAM.
You will need to log in with a super administrator account and go to:
System tools - Users and groups - Groups
Find the group you want to bind, enter the binding ID and select “Is binding group”.
Repeat this process for all the groups that should be synced.